Browse All Articles > Deploying Printers with Group Policy using security filtering
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that.
In this Article I'll show how to deploy printers automatically with group policy and then using security filtering to only deploy the group policy to members of a particular security group.
To follow these steps I will be assuming that you have already setup a windows print server. In the example below I have used a windows 2003 virtual server in a 2003 AD Domain.
Install the printer on the print server as you would any other network printer. Create a new global group that will be given access to the GPO and thus the printer
Then create your GP object:
Create a new GP object with appropriate name
Go to User Configuration – Windows Settings – and open Logon
Click on showfiles (Fig 1)and copy the file pushprinterconnections.exe
![Figure 1]()
Then click add and on script name type in pushprinterconnections.exe
![Figure 2]()
Giving appropriate access:
In the GPOE select the OU the GPO is under and expand on the left until you can click on the GP (fig.3)
![Figure 3]()
On the right hand side on the scope tab look below to see Security Filtering
Remove "Authenticated Users"
Add the global group you want to give access to the Group Policy
Deploying the printer on the print server:
In the printer management console right click the printer and click Deploy via group policy(fig 4)
![Figure 4]()
Click Browse and navigate to your newly created GPO (Fig .5)
![Figure 5]()
Select so that the GP only applies on the (per user) (Fig .6)
![Figure 6]()
Click Add
Hope you will find this Article helpful for your own printer deployments.
In this Article I'll show how to deploy printers automatically with group policy and then using security filtering to only deploy the group policy to members of a particular security group.
To follow these steps I will be assuming that you have already setup a windows print server. In the example below I have used a windows 2003 virtual server in a 2003 AD Domain.
Install the printer on the print server as you would any other network printer. Create a new global group that will be given access to the GPO and thus the printer
Then create your GP object:
Create a new GP object with appropriate name
Go to User Configuration – Windows Settings – and open Logon
Click on showfiles (Fig 1)and copy the file pushprinterconnections.exe
Then click add and on script name type in pushprinterconnections.exe
Giving appropriate access:
In the GPOE select the OU the GPO is under and expand on the left until you can click on the GP (fig.3)
On the right hand side on the scope tab look below to see Security Filtering
Remove "Authenticated Users"
Add the global group you want to give access to the Group Policy
Deploying the printer on the print server:
In the printer management console right click the printer and click Deploy via group policy(fig 4)
Click Browse and navigate to your newly created GPO (Fig .5)
Select so that the GP only applies on the (per user) (Fig .6)
Click Add
You should get a screen that says the printer has been successfully deployed
Reboot once or twice and your printer will be installed automatically wherever you logon.
Hope you will find this Article helpful for your own printer deployments.
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (4)
Commented:
rundll32 printui.dll,PrintUIEntry /in /n "\\printserver\printer
to their logon script in sysvol, works great, easy to manage and don't have to fiddle with group policy
Author
Commented:The purpose of the article is to automatically deploy printers based on which security group you belong to.
It gives you way more flexibility and control over which users get which printers.
Where as deploying it via login script limits you and you really dont want many different login scripts just to deploy a printer to a different ou.
Much harder to administer I think.
Commented:
our environment has about 30 offices that logon to our tserv, and based off their 3 letter office code (matching the name of the logon script), everyone in that office gets the same printers. so would this maybe apply to my situation better if i had someone in an office that might have special needs/restrictions, or travels to other offices in our company? or possible an office setup that isn't a free love about their printer setup as we are? i'm just confused because it seems like adding a gpo is the same amount of work as a quick login script, and (i know i'm a wuss) i don't like fiddling with gpos
thank you for your time and being nice even though even i think i sounded like a jerk at first :)
Author
Commented:Sometimes you may only want certain people to have access to the expensive color printer , and this way it would be as simple as adding or removing them from a security group.
This way takes a short while to setup if you want to do things right the first time, but once you did , managing them afterwards would be easier.